Fix up authenticated pipes in line with vuser changes. This ensures that global

groups obtained via a domain logon are respected in the attached NT_USER_TOKEN.

This functionality is only available in HEAD, becosue of the way authenticaion
has been abstracted.

Both vuid logins and authenticated pipes need to use the same code for this in
future.

Can sombody with the correct facilties check this please?\

Thanks,

Andrew Bartlett

1 files changed, 4 insertions, 1 deletions

diff --git a/source/rpc_server/srv_pipe.c b/source/rpc_server/srv_pipe.c
index dfe03c2eb34..a718516baaa 100644
--- a/source/rpc_server/srv_pipe.c
+++ b/source/rpc_server/srv_pipe.c
@@ -444,10 +444,13 @@ failed authentication on named pipe %s.\n", domain, pipe_user_name, wks, p->name
 	initialise_groups(pipe_user_name, p->pipe_user.uid, p->pipe_user.gid);
 	get_current_groups( &p->pipe_user.ngroups, &p->pipe_user.groups);
 
+	if (server_info->ptok)
+		add_supplementary_nt_login_groups(&p->pipe_user.ngroups, &p->pipe_user.groups, &server_info->ptok);
+
 	/* Create an NT_USER_TOKEN struct for this user. */
 	p->pipe_user.nt_user_token = create_nt_token(p->pipe_user.uid,p->pipe_user.gid,
 						     p->pipe_user.ngroups, p->pipe_user.groups,
-						     guest_user, NULL);
+						     guest_user, server_info->ptok);
 
 	p->ntlmssp_auth_validated = True;